Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a3dfa541-2d9a-3c38-a0bc-99c31047a7c8.roa
File:                     a3dfa541-2d9a-3c38-a0bc-99c31047a7c8.roa (raw, json)
Hash identifier:          CwDTvFcQz0OYy6H/IsH0jy0IgR1TQ8lqt/grQ317cHI=
Subject key identifier:   74:51:A0:66:22:F8:95:35:CC:37:54:6D:55:51:80:9E:AB:60:CE:3B
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D3F6877618705050E6DEAF100
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a3dfa541-2d9a-3c38-a0bc-99c31047a7c8.roa
Signing time:             Tue 15 Mar 2022 04:00:00 +0000
ROA not before:           Tue 15 Mar 2022 04:00:00 +0000
ROA not after:            Tue 07 Mar 2028 05:00:00 +0000
asID:                     7029
IP address blocks:        206.217.32.0/19 maxlen: 19
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:3f:68:77:61:87:05:05:0e:6d:ea:f1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 15 04:00:00 2022 GMT
            Not After : Mar  7 05:00:00 2028 GMT
        Subject: CN=9ed4cb72-a6ef-442d-8044-1c6e99a7ced7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:94:62:c5:c1:4c:ab:ee:f3:42:a0:89:cf:e3:
                    62:3f:f1:7e:44:fb:23:ba:9b:7a:69:66:67:eb:23:
                    2c:d7:8f:39:61:b0:48:c2:88:99:7d:83:39:fa:49:
                    84:5f:c1:e3:f6:a9:72:e0:e4:31:6f:4d:44:8f:75:
                    2a:d5:ab:bd:52:b2:9d:21:f8:e6:0f:34:e4:65:c8:
                    fc:b5:4a:c3:fc:03:18:e0:b1:df:e0:2a:12:b0:2b:
                    b0:96:fc:d5:67:ab:e3:b4:6d:db:ae:68:86:da:69:
                    56:49:7f:a0:60:5f:a2:c9:07:2d:42:ef:70:a9:2e:
                    c9:36:a9:bf:8f:5e:28:49:be:f9:9b:25:61:d8:ad:
                    20:7e:f8:1d:eb:e8:60:72:59:f7:39:78:bf:94:d8:
                    9f:64:f5:f2:3c:f6:0d:39:0d:56:cd:9a:8d:e0:f5:
                    e8:4b:00:47:0d:46:82:df:99:e6:b5:5e:9d:00:9a:
                    67:aa:eb:73:c4:42:22:8a:d6:e0:37:19:a6:77:e3:
                    fe:33:82:82:e7:03:ef:f7:09:5b:66:8f:d8:44:1d:
                    fa:5f:fd:56:b6:b0:88:55:03:64:dc:2c:51:3b:23:
                    87:59:d8:d7:46:d3:e2:1f:02:0f:9e:c2:81:80:6d:
                    c6:38:b9:0c:00:85:5e:11:06:7f:e1:65:7f:29:fd:
                    07:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:51:A0:66:22:F8:95:35:CC:37:54:6D:55:51:80:9E:AB:60:CE:3B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a3dfa541-2d9a-3c38-a0bc-99c31047a7c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.217.32.0/19

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         90:34:14:94:c9:e1:fd:29:37:c3:8f:83:74:88:9a:6b:6d:47:
         34:d7:8c:3e:9e:b7:cf:68:30:37:39:1e:25:be:0c:66:cd:51:
         22:42:22:d4:bf:e9:1e:93:4b:7c:fb:f2:2f:15:f7:75:f8:32:
         67:07:8a:d1:7c:e4:e2:46:a9:c9:96:e9:ec:c5:36:c4:47:4c:
         00:2c:24:35:03:02:5c:96:87:71:7d:d7:fe:94:be:56:b7:a4:
         54:d4:53:98:7f:9b:4b:1b:69:5f:a2:d7:26:07:b7:ff:9f:e1:
         48:33:ba:d6:51:70:fb:47:25:d9:38:b0:c8:c3:e4:ff:09:22:
         f8:0d:f3:5a:53:0f:0c:56:69:f8:a4:ad:b0:02:21:7d:28:76:
         38:9c:a7:4b:d7:c9:3d:61:3b:a1:ad:21:51:6c:a4:27:ff:e5:
         38:ee:32:e8:c4:a6:9f:2c:8b:f4:4d:63:cb:df:31:57:69:20:
         02:49:5e:72:38:df:b1:42:aa:30:29:ed:4d:16:75:3d:1c:df:
         ee:12:c7:20:9d:55:96:e3:29:4b:a4:84:b8:1b:e9:72:62:ec:
         d7:a4:77:d5:e4:e6:fb:6b:53:2b:52:c4:68:4d:64:47:78:b2:
         bc:21:6a:59:05:e3:3a:b5:6b:2b:7c:2c:1c:c9:98:6a:d9:b5:
         39:a2:16:30
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD0/aHdhhwUFDm3q8QAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMxNTA0MDAwMFoXDTI4MDMwNzA1MDAwMFowLzEtMCsGA1UEAxMk
OWVkNGNiNzItYTZlZi00NDJkLTgwNDQtMWM2ZTk5YTdjZWQ3MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZRixcFMq+7zQqCJz+NiP/F+RPsjupt6aWZn
6yMs1485YbBIwoiZfYM5+kmEX8Hj9qly4OQxb01Ej3Uq1au9UrKdIfjmDzTkZcj8
tUrD/AMY4LHf4CoSsCuwlvzVZ6vjtG3brmiG2mlWSX+gYF+iyQctQu9wqS7JNqm/
j14oSb75myVh2K0gfvgd6+hgcln3OXi/lNifZPXyPPYNOQ1WzZqN4PXoSwBHDUaC
35nmtV6dAJpnqutzxEIiitbgNxmmd+P+M4KC5wPv9wlbZo/YRB36X/1WtrCIVQNk
3CxROyOHWdjXRtPiHwIPnsKBgG3GOLkMAIVeEQZ/4WV/Kf0HBQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFHRRoGYi+JU1zDdUbVVRgJ6rYM47MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYTNkZmE1NDEtMmQ5YS0z
YzM4LWEwYmMtOTljMzEwNDdhN2M4LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFztkgMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAJA0FJTJ4f0pN8OPg3SImmttRzTXjD6et89oMDc5HiW+DGbNUSJCItS/
6R6TS3z78i8V93X4MmcHitF85OJGqcmW6ezFNsRHTAAsJDUDAlyWh3F91/6Uvla3
pFTUU5h/m0sbaV+i1yYHt/+f4UgzutZRcPtHJdk4sMjD5P8JIvgN81pTDwxWafik
rbACIX0odjicp0vXyT1hO6GtIVFspCf/5TjuMujEpp8si/RNY8vfMVdpIAJJXnI4
37FCqjAp7U0WdT0c3+4SxyCdVZbjKUukhLgb6XJi7Nekd9Xk5vtrUytSxGhNZEd4
srwhalkF4zq1ayt8LBzJmGrZtTmiFjA=
-----END CERTIFICATE-----
Generated at Sat Apr 12 03:00:57 2025 by rpki-client